Step: ocm-ci-manifest-update

This workflow mirrors an image from the CI Registry to a given image ref and updates the OCM manifest accordingly.

Container image used for this step: open-cluster-management/builder:go1.16-linux

open-cluster-management/builder:go1.16-linux resolves to an image imported from the specified imagestream tag on the build farm (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name Type Variable Content
SECRETS_PATH Parameter[?] The directory where credentials will be mounted. (default: /secrets)
GITHUB_SECRET Parameter[?] The name of the kube secret that contains the GitHub token file. (default: acm-cicd-github)
GITHUB_SECRET_FILE Parameter[?] THe name of the file in GITHUB_SECRET containing the GitHub token. (default: token)
GITHUB_USER Parameter[?] The GitHub user name. (default: acm-cicd-prow-bot)
RELEASE_REPO Parameter[?] The GitHub repo where ACM release data is stored. Do not include the "https://" prefix or the ".git" suffix. (default: github.com/open-cluster-management/release)
RELEASE_REF Parameter[?] The branch name for the release in the RELEASE_REPO. Default is blank this should only be used when the IMAGE_REPO release branch doesn't match the release branch name in the RELEASE_REPO.
DRY_RUN Parameter[?] When set to true this step will not execute the manifest update. (default: false)
OSCI_ENV_CONFIG Parameter[?] This is used to the configure the OSCI environment variables found at: https://github.com/open-cluster-management/build-harness-extensions/blob/master/modules/osci/Makefile

Source Code

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
#!/bin/bash

# This is to satisfy shellcheck SC2153
export RELEASE_REPO=${RELEASE_REPO}

export HOME=/tmp/home
mkdir -p "$HOME/.docker"
cd "$HOME" || exit 1

# log function
log_file="${ARTIFACT_DIR}/manifest-update.log"
log() {
    local ts
    ts=$(date --iso-8601=seconds)
    echo "$ts" "$@" | tee -a "$log_file"
}

# Note: REPO_NAME and REPO_OWNER are not available in periodic type jobs. Prow docs link below.
# https://github.com/kubernetes/test-infra/blob/master/prow/jobs.md#job-environment-variables
# We wouldn't have the infromation needed to do the business logic in a periodic run.
if [[ "$JOB_TYPE" == "periodic" ]]; then
    log "ERROR Cannot update the manifest from a $JOB_TYPE job"
    exit 1
fi

# Check to see if running in openshift/release -> set DRY_RUN to true
if [[ "$REPO_OWNER" == "openshift" && "$REPO_NAME" == "release" ]]; then
    log "INFO Running in openshift/release, setting DRY_RUN to true"
    DRY_RUN="true"
fi

# Setup GitHub credentials
GITHUB_TOKEN_FILE="$SECRETS_PATH/$GITHUB_SECRET/$GITHUB_SECRET_FILE"
log "INFO Setting up git credentials."
if [[ ! -r "${GITHUB_TOKEN_FILE}" ]]; then
    log "ERROR GitHub token file missing or not readable: $GITHUB_TOKEN_FILE"
    exit 1
fi
GITHUB_TOKEN=$(cat "$GITHUB_TOKEN_FILE")
{
    echo "https://${GITHUB_USER}:${GITHUB_TOKEN}@${RELEASE_REPO}.git"
} >> ghcreds
git config --global credential.helper 'store --file=ghcreds'

# Set up repo URLs
release_url="https://${RELEASE_REPO}.git"

# Clone repos
release_dir="$HOME/release"

log "INFO Cloning the RELEASE_REPO: ${RELEASE_REPO} into ${release_dir}"
git clone "$release_url" "$release_dir" || {
    log "ERROR Could not clone release repo $release_url"
    exit 1
}

# There are alot of OSCI env variables to configure this is a way to configure 
# without mapping all of them directly in the step registry.
if [[ -n "${OSCI_ENV_CONFIG:-}" ]]; then
    readarray -t config <<< "${OSCI_ENV_CONFIG}"
    for var in "${config[@]}"; do
        if [[ -n "${var}" ]]; then
            echo "export ${var}" >> "${SHARED_DIR}/osci-env-config"
        fi
    done

    # We create this file above - Ignore SC1091
    # shellcheck source=/dev/null
    source "${SHARED_DIR}/osci-env-config"
fi

# Determine current release branch
branch="${PULL_BASE_REF}"
log "INFO The base branch is $branch"

if [[ -n "$RELEASE_REF" ]]; then
    log "INFO RELEASE_REF variable is set. Using $RELEASE_REF for OSCI_COMPONENT_BRANCH."
    export OSCI_COMPONENT_BRANCH=${RELEASE_REF}
    log "INFO RELEASE_REF variable is set. Using $RELEASE_REF as branch."
    branch="${RELEASE_REF}"
fi

# Get current Z-stream version and set to OSCI_COMPONENT_VERSION
cd "$release_dir" || exit 1
git checkout "$branch" || {
    log "ERROR Could not checkout branch $branch in OCM release repo"
    exit 1
}
release=$(cat "$release_dir/Z_RELEASE_VERSION")
export OCSI_COMPONENT_VERSION=${release}
log "INFO Z-stream version is $release"

# Set OSCI_COMPONENT_NAME to REPO_NAME if it is not provided
export OSCI_COMPONENT_NAME=${OSCI_COMPONENT_NAME:-$REPO_NAME}
log "INFO OSCI_COMPONENT_NAME is ${OSCI_COMPONENT_NAME}."

if [[ "$DRY_RUN" == "false" ]]; then
    # We check for postsubmit specifically because we need a new image published 
    # before running this step. Putting this check down here means that this step
    # is rehearsable in openshift/release.
    if [[ ! ("$JOB_TYPE" = "postsubmit" ) ]]; then
        log "ERROR Cannot update the manifest from a $JOB_TYPE job"
        exit 1
    fi

    # Run manifest update
    cd /opt/build-harness/build-harness-extensions/modules/osci/ || exit 1
    make osci/publish BUILD_HARNESS_EXTENSIONS_PATH=/opt/build-harness/build-harness-extensions
else
    log "INFO DRY_RUN is set to $DRY_RUN. Exiting without publishing changes to OCM manifest."
fi

Properties

Property Value Description
Resource requests (cpu) 100m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/ocm/ci/manifest-update/ocm-ci-manifest-update-ref.yaml

Owners:

Approvers:

Source code for this page located on GitHub